Go to listing page

Cyware Daily Threat Intelligence, April 06, 2021

Cyware Daily Threat Intelligence, April 06, 2021

Share Blog Post

Job seekers are caught in the crosshairs of cybercriminals. A campaign involving fake job offers is being used as a lure on LinkedIn to distribute the dangerous and nasty More_eggs backdoor. The ultimate goal of the attack is to infect and steal data from target devices.

An interesting fact related to the Mount Locker ransomware has come to the notice of researchers. After investigating a series of incidents, experts have come to the conclusion that the Mount Locker ransomware gang has rebranded itself to Astro Locker Team to expand its RaaS program.

Meanwhile, a new banking trojan dubbed Janeleiro appears to be focused on Brazil as a hunting ground. Written in .NET, the trojan is similar to other trojans such as Casbaneiro, Grandoreiro, and Mekotio.

Top Breaches Reported in the Last 24 Hours

E2i impacted
Singapore-based job matching institute e2i has suffered a data breach that resulted in the compromise of details of 30,000 individuals. The incident occurred due to an attack on a third-party vendor.

OnlyFans accounts affected
Private videos and images associated with hundreds of OnlyFans accounts were exposed after a shared Google Drive was posted online. The leaked files appear to have been uploaded in October 2020.

Top Malware Reported in the Last 24 Hours

Mount Locker linked to Astro Locker
Security experts have uncovered a series of events that establishes a relation between Mount Locker ransomware and Astro Locker Team. One of these events includes the names of five victims listed on both the groups’ sites. Researchers claim that the Mount Locker group has rebranded itself in an attempt to kickstart its RaaS program.

More_eggs backdoor’s chaos
Threat actors are using ZIP files to trick LinkedIn users into executing the More_eggs backdoor.  
The ZIP files used in the campaign are specially designed to target victims based on the job description on their LinkedIn profile. The backdoor is currently being executed on Windows systems.

Janeleiro trojan
A new banking trojan dubbed Janeleiro has been striking corporates in Brazil. The trojan, which has been in development since 2018, is similar to other trojans such as Casbaneiro, Grandoreiro, and Mekotio. The malware is distributed via phishing emails.

Hackers are using a new malicious document builder known as EtterSilent to run their cybercriminal schemes. The tool comes in two versions: one that exploits a vulnerability in Microsoft Office, and another one that imitates the digital signature product DocuSign.

Top Vulnerabilities Reported in the Last 24 Hours

Zero-click vulnerability
A researcher has released the PoC for a zero-click vulnerability in Apple’s macOS Mail that can allow attackers to add arbitrary files inside Mail’s sandbox environment, leading to a range of attacks. The flaw, tracked as CVE-2020-9922, can be triggered by sending an email with two ZIP files attached.

Unsecured SAP apps targeted
Threat actors are actively targeting unsecured SAP applications to expose the networks of commercial and government organizations to attacks. The exploitation of these vulnerabilities would allow attackers to take full control of unsecured SAP apps, bypass security controls, and steal sensitive data.


janeleiro trojan
zero click vulnerability
astro locker team
mount locker ransomware

Posted on: April 06, 2021

More from Cyware

Stay updated on the security threat landscape and technology innovations at Cyware with our threat intelligence briefings and blogs.